CyberTerrorism and Echelon
The U.S. Federal Bureau of Investigation defines Cyber Terrorism as any "premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents." This would include the banking and insurance industry.
The National Cyber Security Division (NCSD)
This agency works collaboratively with public, private and international entities to secure cyberspace and America’s cyber assets. NCSD works to achieve its strategic objectives through the following programs:
- National Cyberspace Response System: The National Cyber Security Division seeks to protect the critical cyber infrastructure 24 hours a day, 7 days a week. The National Cyberspace Response System coordinates the cyber leadership, processes, and protocols that will determine when and what action(s) need to be taken as cyber incidents arise.
Current Cyber Preparedness and Response Programs include:
- Cybersecurity Preparedness and the National Cyber Alert System: Cyber threats are constantly changing. Both technical and non-technical computer users can stay prepared for these threats by receiving current information by signing up for the National Cyber Alert System.
- US-CERT Operations: US-CERT is responsible for analyzing and reducing cyber threats and vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities.
- National Cyber Response Coordination Group: Made up of 13 federal agencies, this is the principal federal agency mechanism for cyber incident response. In the event of a nationally significant cyber-related incident, the NCRCG will help to coordinate the federal response, including US-CERT, law enforcement and the intelligence community.
- Cyber Cop Portal: Coordination with law enforcement helps capture and convict those responsible for cyber attacks. The Cyber Cop Portal is an information sharing and collaboration tool accessed by over 5,300 investigators worldwide who are involved in electronic crimes cases. Source: U.S. Department of Homeland Security http://www.dhs.gov/xabout/structure/editorial_0839.shtm
In the beginning…there was Echelon
Echelon origins are in the National Security Agency. Echelon deploys technology so advanced that it can scan all forms of communications i.e. cell phones conversations, emails, instant and text messages, computer transmissions for words or communications that could be of interest to government agencies such as the Central Intelligence Agency (CIA).
Echelon is an eavesdropping system so vast that it spans the globe, collecting telephone and data transmissions at network nodes around the world, archiving every one of them. Echelon’s technology enables large scale automated monitoring of our personal communications. If your conversation, fax or email triggers any one of the automatic mechanisms, it is forwarded to a human analyst for determination. If you have said anything in that communication that could remotely indicate that you may be about to break or might have already broken a law and that communication was received outside the USA, that information is forwarded to the appropriate US agency for handling.
This effectively subverts the 4th Amendment's guarantee “against unreasonable searches and seizures”
Saving Grace?
It is interesting to note that Echelon’s global and national monitoring projects that have long been considered an imposition on freedom of speech and movement by many in the American public . In the end…it may be the saving grace of us all. “Electronic surveillance has been extremely effective in securing the conviction of more than 25,600 dangerous felons including terrorist for more than a decade. Source: FBI Website at www.fbi.gov/programs/carnivore/carnivore.htm
Carnivore, Echelon and DCSNet
Keith Lourdeau, Deputy Assistant Director, Cyber Division, FBI stood before the Senate Judiciary Subcommittee on Terrorism, Technology, and Homeland Security in February 24, 2004 and told this story:
“I’ve Hacked The Server...Pay Me"
“In May 3, 2003, an e-mail was sent to the National Science Foundation’s (NSF) Network Operations Center which read, “I’ve hacked into the server of your South Pole Research Station. Pay me off, or I will sell the station’s data to another country and tell the world how vulnerable you are.” The e-mail contained data only found on the NSF’s computer systems, proving that this was no hoax. NSF personnel immediately shut down the penetrated servers. During May, the temperature at the South Pole can get down to 70 degrees below zero Fahrenheit; aircraft cannot land there until November due to the harsh weather conditions. The compromised computer systems controlled the life support systems for the 50 scientists “wintering over” at the South Pole Station.
The FBI determined that the hackers were accessing their e-mails from a cyber café in Romania. One of the hop points utilized by the intruder was a computer system in Pittsburgh owned and operated by a trucking company. A hop point is a computer system, usually compromised by the intruder that is utilized to conceal the true location and identity of the intruder. Joint FBI investigative efforts with the Romanian authorities, in this matter, resulted in the seizure of documents, a credit card used in the extortion scheme, and a computer that contained the very e-mail account that was used to make the demands of the National Science Foundation. On June 3, 2003, two Romanian citizens accused of hacking into the NSF South Pole Research Station were arrested in a joint FBI/Romanian police operation. The two are currently scheduled to stand trial in Romania. Source: Testimony of Keith Lourdeau, Deputy Assistant Director, Cyber Division, FBI - Before the Senate Judiciary Subcommittee on Terrorism, Technology, and Homeland Security…February 24, 2004
Echelon and Carnivore...Big Brother Watching?
Corporations are taking steps to protect computer networks after the September 11th, 2001 attacks on the Pentagon and World Trade Center. Corporations still fear the next attacks might be launched online. Many are suggesting that we go back to low-tech, back to paper and faxes and what we used to do in the 1980s before we had virtual private networks and widespread Internet connections. Of course, we know this is not the best long-term strategy,
Carnivore versus EchelonEchelon is the older of two government-operated systems designed to intercept and analyze personal telecommunications on a wholesale basis. It is very interesting to note that before the Twin Tower Attacks, Echelon and Carnivore was viewed as a very real and very dangerous threat to liberty and privacy. Recent changes in surveillance rules may allow "Big Brother" to become a real hero in the War on Terrorism.There is no solid evidence to support the existence of Echelon. Maybe people may have confused this rumored system with the Carnivore system…just a thought.
Echelon has a sinister younger brother, nicknamed Carnivore (origins is with the Federal Bureau of Investigation (FBI). Carnivore has been renamed "DCS-1000" to improve its public image. In terms of privacy concerns as well as raw technological power, Carnivore looked like a toy compared to Echelon. The US government has admitted to operating Carnivore while no official admission of Echelon has ever been made.
Echelon was almost certainly the world's most sophisticated network monitoring system and, if rumors are to be believed, anyone who felt uncomfortable with the secrecy surrounding Carnivore should have been downright paranoid where Echelon is concerned. Carnivore was designed to track and intercept email messages. Carnivore is attached to the computers of an Internet Service Provider and scans email traffic for information of interest to the government. The FBI traditionally deployed Carnivore to scan e-mail traffic for Cyber-Terrorism activity.
Carnivore Used For Specific Reasons
The FBI named this system "Carnivore" in reference to its objective of collecting hard ("meaty") data. However, Carnivore captures only the raw bits of information. Messages that users encrypt with readily-available tools like PGP, for example, are not "cracked" by the system. Decoding these messages offline can require serious effort on the part of investigators.
The FBI used Carnivore for specific reasons. Particularly, the agency would request a court order to use Carnivore when a person was suspected of:
- Terrorism
- Child pornography/Exploitation
- Espionage
- Information Warfare
- Fraud
Echelon - Global Surveillance System
Echelon is a global system i.e. worldwide surveillance system - the tentacles of which reach into voice and data traffic carried by satellite, microwave, undersea cable and radio. Carnivore is a more local phenomenon. It resides in a "black box" attached to the computers of an Internet Service Provider. Carnivore, which is operated by the FBI, cannot be installed without a court order. But unlike traditional wiretaps, which target only the phone of an identified suspect, Carnivore sifts through email traffic indiscriminately.
FBI Shuts Down Carnivore in 2005
In the year 2005, The Federal Bureau of investigation abandoned its custom-built Internet surveillance technology designed to read e-mails and other online communications among suspected criminals, terrorists and spies, according to bureau oversight reports submitted to Congress in 2005.
FBI Did Not Go Quietly In the Night
Instead, the FBI said it has switched to unspecified commercial software to eavesdrop on computer traffic during such investigations and has increasingly asked Internet providers to conduct wiretaps on targeted customers on the government's behalf, reimbursing companies for their costs...the saga continues. The FBI has quietly built a sophisticated, point-and-click surveillance system that performs instant wiretaps on almost any communications device. Source: Freedom of Information Act
DCSNet
The surveillance system, called DCSNet, for Digital Collection System Network, connects FBI wiretapping rooms to switches controlled by traditional land-line operators, internet-telephony providers and cellular companies. It is embedded into our nation's telecom infrastructure. Do not let anyone tell you otherwise. DCSNet is a suite of software that collects, sifts and stores phone numbers, phone calls and text messages.
The FBI’s system is comprehensive. This system intercepts wire line phones, cellular phones, push-to-talk systems and SMS. Commonly called “Text Messaging”, Short Message Service (SMS) is a communications protocol allowing the interchange of short text messages between mobile telephone devices. SMS text messaging is the most widely used data application on the planet, with over 2.4 billion active users, or 74% of all mobile phone subscribers sending and receiving text messages on their phones.
DCSNet’s Working Parts
Electronic Frontier Foundation stated that DCSNet includes at least three collection components, each running on Windows-based computers.
- DCS-3000 also known as Red Hook: handles pen-registers and trap-and-traces, a type of surveillance that collects signaling information -- primarily the numbers dialed from a telephone -- but no communications content. (Pen registers record outgoing calls; trap-and-traces record incoming calls.)
- DCS-6000, known as Digital Storm: captures and collects the content of phone calls and text messages for full wiretap orders.
- DCS-5000 (CLASSIFIED): is used for wiretaps targeting spies or terrorists.
Together, the surveillance systems let FBI agents play back recordings even as they are being captured (like TiVo), create master wiretap files, send digital recordings to translators, track the rough location of targets in real time using cell-tower information, and even stream intercepts outward to mobile surveillance vans.
Who Tapping The FBI?
FBI wiretapping rooms in field offices and undercover locations around the country are connected through a private, encrypted backbone that is separated from the internet. Sprint runs it on the government's behalf. So the short answer is no one!
Adhere To Your Company’s Privacy Policies and Procedures
It is important for Financial Services Professionals to adhere to their companies and broker dealer privacy policies that are designed to protect client and customer data.
Sample Privacy Statements are shown below for your review and understanding. Please consult your company(ies) and Broker Dealer websites and compliance department for your specific privacy policies and procedure.
HIPPA Privacy Policy
Sources:
Permalink | Print
Ryan Cass posted on Friday, October 21, 2011
Tags: Social Media, DCSNet, Cyberattack, Computer Hacker, Social Networking, Cyberterrorism
Posted in: Site News, Social Media
eMail Becoming Petri Dish for Hackers
Email is evolving into badlands for rogues and outlaws. Computer Hacking seems to be in the news again lately.
Maybe You Should Watch The Waiter
Man...
World Trade Center...Progress Report
Rebuilding The World Trade Center
"From day one, my team has been committed to rebuilding the World Trade Center for the benefit of the C...
Social Media - A Message To Financial Institutions
Social Media is no longer a luxury. It is now a necessary platform that enhances a business person or company capacity to excel in any market. Social ...
NASDAQ's Directors Desk HACKED
Nasdaq Service That Promised Secure Board Communications Possibly Compromised
Nasdaq OMX Group acknowledged Saturday that a Web-based service that ...
The Real Value Proposition of Social Networks
SOCIAL NETWORKING
Social Networks such as Facebook and LinkedIn do a tremendous job of creating smaller and smaller groups that share particula...
top